Using .htaccess to block referrer spam with wildcard subdomains

Question

I have been trying to block some referral spam to our WordPress sites using .htaccess code similar to that shown below.

This seems to be fairly effective in blocking the primary domains (semalt.com) and explicitly defined subdomains (semalt.semalt.com).

But, the wildcard subdomains (i.e. 1.semalt.com, 2.semalt.com) seem to be getting past the filters.

Is there anything obviously wrong with this code allowing wildcard subdomains to get through?

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# block spammers
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*semalt\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*kambasoft\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*savetubevideo\.com [NC,OR]
RewriteCond %{HTTP_REFERER} semalt\.semalt\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*seoanalyses\.com [NC]
RewriteRule .* - [F]

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Also, I have managed to reduce the stream to a trickle, so it is possible the htaccess code is correct, and the spammers are getting around this other ways. Thanks!

Answer 1

There are thousands of such websites spamming blogs and forums and the only solution is to block spam referrer sites using .htaccess But this is not the solution to rid of spam hits on your site. You need to configure the Google Analytical tool too. You can try following code (tested)

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*success\-seo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly.\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly\.info/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*iloveitaly\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*floating\-share\-buttons\.com/ [NC,OR] 
RewriteCond %{HTTP_REFERER} ^http://.*econom\.co/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*savetubevideo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*kambasoft\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*buttons\-for\-website\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*.Get\-Free\-Traffic\-Now\.com/ [NC,OR] 
RewriteCond %{HTTP_REFERER} ^http://.*.free\-social\-buttons\.com/ [NC,OR] 
RewriteCond %{HTTP_REFERER} ^http://.*semalt\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*darodar\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*best\-seo\-report\.com/ [NC]
RewriteRule ^(.*)$ – [F,L]

Also see Getting rid of spam referral hits on your website or blog